MCPcopy Index your code
hub / github.com/EXboys/skilllite

github.com/EXboys/skilllite @v0.1.29

Chat with this repo
repository ↗ · DeepWiki ↗ · release v0.1.29 ↗ · + Follow
3,775 symbols 11,076 edges 425 files 1,052 documented · 28%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

SkillLite

CI License: MIT GitHub Stars PyPI


📖 Documentation | 文档

English 中文
📗 English Docs · Pick path · Getting Started · Architecture · Env Reference · Contributing 📘 中文文档 · 选择路径 · 入门指南 · 架构说明 · 环境变量 · 贡献指南

Pick your path

One repository ships several entry points. Each row links to the English hub; 中文 is linked at the top of that page if you prefer it.

Goal First stop
Desktop GUI — local assistant, skills, optional IDE layout Path 1 — Desktop
Sandbox / MCP — isolated skills in Cursor, OpenCode, or your own stack Path 2 — Sandbox & MCP
Full stackskilllite CLI, Python SDK, evolution Path 3 — Full stack

A lightweight secure Self-evolution engine built in Rust, featuring a built-in native system-level sandbox, zero dependencies, and fully local execution.

We built the most secure skill sandbox in the ecosystem (20/20 security score). Then we realized: the real value isn't just safe execution — it's safe evolution.

[Performance Benchmark Video]

Performance Benchmark Comparison

Architecture

┌──────────────────────────────────────────────────────────────┐
│  Self-Evolving Engine(自进化引擎)                             │
│                                                              │
│  Immutable Core (compiled into binary, never self-modifies)  │
│  ├─ Agent loop, LLM orchestration, tool execution            │
│  ├─ Config, metadata, path validation                        │
│  └─ Evolution engine: feedback → reflect → evolve → verify   │
│                                                              │
│  Evolvable Data (local files, auto-improves over use)        │
│  ├─ Prompts   — system / planning / execution prompts        │
│  ├─ Memory    — task patterns, tool effects, failure lessons  │
│  └─ Skills    — auto-generated skills from repeated patterns  │
│                         ▼                                    │
│          all evolved artifacts must pass ▼                    │
├──────────────────────────────────────────────────────────────┤
│  Security Sandbox(安全沙箱)                                  │
│                                                              │
│  Full-chain defense across the entire skill lifecycle:       │
│  ├─ Install-time: static scan + LLM analysis + supply-chain  │
│  ├─ Pre-execution: two-phase confirm + integrity check       │
│  └─ Runtime: OS-native isolation (Seatbelt / bwrap / seccomp)│
│     ├─ Process-exec whitelist, FS / network / IPC lockdown   │
│     └─ Resource limits (CPU / mem / fork / fsize)            │
└──────────────────────────────────────────────────────────────┘

Why two layers, not one? Evolution without safety is reckless — evolved skills could exfiltrate data or consume unbounded resources. Safety without evolution is static — the Agent never improves. SkillLite welds them together: the evolution engine produces new prompts, memory, and skills; the sandbox layer ensures every evolved artifact passes L3 security scanning + OS-level isolation before execution. Evolution is auditable, rollbackable, and never modifies the core binary.

skilllite (Evolution) skilllite-sandbox (lightweight)
Binary size ~6.2 MB ~3.6 MB
Startup RSS ~4 MB ~3.9 MB
Agent mode RSS (chat / agent-rpc) ~11 MB
Sandbox execution RSS ~11 MB ~10 MB

Measured on macOS ARM64, release build. Sandbox RSS is dominated by the embedded Python process.

Use the full stack or just the sandbox: skilllite gives you evolution + agent + sandbox. skilllite-sandbox is a standalone binary (or MCP server) that any agent framework can adopt — no need to buy into the full SkillLite stack.


🧬 Intelligence: evolution without lowering the safety bar

Many products now advertise self-adapting or self-evolving agents. SkillLite’s stance is narrower and easier to keep accurate over time: prompts, memory, and skills may evolve, but they stay behind the same immutable core and full-chain sandbox as everything else — install-time scan, pre-execution gates, OS-level isolation, and governance (thresholds, backlog, rollback). Evolved artifacts are not exempt: they pass the same L3 checks + sandbox as manually installed skills.


🔒 Security: Full-Chain Defense

Most sandbox solutions only provide runtime isolation. SkillLite defends across the entire skill lifecycle — three layers in a single binary:

┌─────────────────────────────────────────────────┐
│ Layer 1 — Install-time Scanning                 │
│ ├─ Static rule scan (regex pattern matching)    │
│ ├─ LLM-assisted analysis (suspicious → confirm) │
│ └─ Supply-chain audit (PyPI / OSV vuln DB)      │
├─────────────────────────────────────────────────┤
│ Layer 2 — Pre-execution Authorization           │
│ ├─ Two-phase confirm (scan → user OK → run)     │
│ └─ Integrity check (hash tamper detection)      │
├─────────────────────────────────────────────────┤
│ Layer 3 — Runtime Sandbox                       │
│ ├─ OS-native isolation (Seatbelt / bwrap)       │
│ ├─ Process-exec whitelist (interpreter only)    │
│ ├─ Filesystem / network / IPC lockdown          │
│ └─ Resource limits (rlimit CPU/mem/fork/fsize)  │
└─────────────────────────────────────────────────┘
Capability SkillLite E2B Docker Claude SRT Pyodide
Install-time scanning
Static code analysis
Supply-chain audit
Process-exec whitelist
IPC / kernel lockdown
Filesystem isolation partial partial partial
Network isolation
Resource limits partial partial partial
Runtime sandbox
Zero-dependency install
Offline capable partial

Runtime Security Scores (20-item test suite)

Platform Blocked Score
SkillLite (Level 3) 20/20 100%
Pyodide 7/20 35%
Claude SRT 7.5/20 37.5%
Docker (default) 2/20 10%

Full 20-item security test breakdown

Test Item SkillLite Docker Pyodide Claude SRT
File System
Read /etc/passwd ✅ Blocked ❌ Allowed ✅ Blocked ❌ Allowed
Read SSH private key ✅ Blocked ✅ Blocked ✅ Blocked ✅ Blocked
Write to /tmp dir ✅ Blocked ❌ Allowed ❌ Allowed ✅ Blocked
Directory traversal ✅ Blocked ❌ Allowed ✅ Blocked ❌ Allowed
List root directory ✅ Blocked ❌ Allowed ❌ Allowed ❌ Allowed
Network
Send HTTP request ✅ Blocked ❌ Allowed ✅ Blocked ✅ Blocked
DNS query ✅ Blocked ❌ Allowed ❌ Allowed ✅ Blocked
Listen port ✅ Blocked ❌ Allowed ❌ Allowed ✅ Blocked
Process
Execute os.system() ✅ Blocked ❌ Allowed ❌ Allowed ❌ Allowed
Execute subprocess ✅ Blocked ❌ Allowed ✅ Blocked ❌ Allowed
Enumerate processes ✅ Blocked ❌ Allowed ❌ Allowed ✅ Blocked
Send process signal ✅ Blocked ❌ Allowed ✅ Blocked ⚠️ Partially
Resource Limits
Memory bomb ✅ Blocked ❌ Allowed ❌ Allowed ❌ Allowed
Fork bomb ✅ Blocked ❌ Allowed ✅ Blocked ❌ Allowed
CPU intensive compute ✅ Blocked ✅ Blocked ❌ Allowed ✅ Blocked
Code Injection
Dynamic import os ✅ Blocked ❌ Allowed ❌ Allowed ❌ Allowed
Use eval/exec ✅ Blocked ❌ Allowed ❌ Allowed ❌ Allowed
Modify built-in funcs ✅ Blocked ❌ Allowed ❌ Allowed ❌ Allowed
Information Leakage
Read environment vars ✅ Blocked ❌ Allowed ❌ Allowed ❌ Allowed
Get system info ✅ Blocked ❌ Allowed ❌ Allowed ❌ Allowed
# Reproduce: run security comparison tests
cd benchmark && python3 security_vs.py

⚡ Performance

Dimension SkillLite Docker Pyodide SRT
Warm Start 40 ms 194 ms 672 ms 596 ms
Cold Start 492 ms 120s ~5s ~1s
Memory ~10 MB ~100 MB ~50 MB ~84 MB
Deployment Single binary Requires daemon Requires Node.js Requires installation

3-5x faster execution, 10x lower memory footprint vs Docker/SRT.

Benchmarking standard: SkillLite avoids the MicroVM layer entirely for local code execution: no guest kernel, VM monitor, image, or sandbox service stack. Its focused no-Python sandbox launch benchmark runs at 111 ms avg / 113 ms P95 with ~1.14 MB child peak RSS. This is process RSS, not directly comparable to MicroVM VMM-overhead/PSS figures. Real Python skill execution is reported separately: ~40 ms warm, ~492 ms cold, and ~10 MB RSS.

Performance benchmark details & commands

Performance Benchmark Comparison

The root benchmark/ results are primarily produced by Python scripts that exercise Python skill execution. For no-Python measurements, only the focused skilllite-sandbox launch-path microbenchmark is documented here to avoid mixing it with Python E2E results.

No-Python skilllite-sandbox launch-path data (/usr/bin/true, 200 iterations, macOS ARM64):

Metric Native Spawn skilllite-sandbox Sandbox Overhead
Avg latency 0.806 ms 111.296 ms +110.490 ms
P50 latency 0.757 ms 112.020 ms +111.263 ms
P95 latency 1.063 ms 113.385 ms +112.322 ms
Child peak RSS 1.016 MB 1.141 MB +0.125 MB
cd benchmark/
python benchmark_runner.py --compare-levels --compare-ipc -n 100 -c 10

# Cold start comparison
python benchmark_runner.py --cold-start --compare-ipc

# Full test: cold start + high concurrency
python benchmark_runner.py --cold-start --cold-iterations 20 --compare-levels --compare-ipc -o results.json

# Optional no-Python skilllite-sandbox launch-path microbenchmark
./run_benchmark.sh --core-only

See benchmark/README.md for full documentation.


🎯 Why SkillLite?

In one sentence: Other agent frameworks are smart but unsafe, or safe but static. SkillLite is both — an Agent that gets measurably better over time, with every evolved artifact security-constrained by an OS-native sandbox.

  • vs Agent frameworks (AutoGen, CrewAI, LangGraph): They provide orchestration but no built-in evolution or sandbox. SkillLite evolves autonomously and executes safely.
  • vs Sandbox tools (E2B, Docker, Claude SRT): They provide isolation but no intelligence layer. SkillLite adds a full agent loop + self-evolution on top.
  • vs Evolution platforms (OpenClaw Foundry, EvoAgentX): They enable evolution but without security constraints on evolved artifacts. SkillLite enforces L3 scanning +

Extension points exported contracts — how you extend this code

EventSink (Interface)
Event sink trait for different output targets (CLI, RPC, SDK). [11 implementers]
crates/skilllite-agent/src/types/event_sink.rs
ProtocolHandler (Interface)
Extension point for Entry Layer protocols. Every transport that exposes SkillLite functionality externally implements t [4 …
skilllite/src/protocol.rs
ArtifactStore (Interface)
Run-scoped artifact store contract. Implementations must be `Send + Sync` so the store can be shared across async tasks [3 …
crates/skilllite-core/src/artifact_store.rs
SandboxBackend (Interface)
Extension point for sandbox execution backends. Implement this trait to add new isolation strategies (e.g. Landlock). S [1 …
crates/skilllite-sandbox/src/sandbox_backend.rs
TaskExecutor (Interface)
Executor trait: called when routing decides to execute locally. Implemented by the skilllite binary (agent integration). [1 …
crates/skilllite-swarm/src/routing.rs
IdeFileOpenerState (Interface)
* Chat read_file → IDE middle editor: MainLayout subscribes and clears after applying.
crates/skilllite-assistant/src/stores/useIdeFileOpenerStore.ts
EvolutionLlm (Interface)
(no doc) [1 implementers]
crates/skilllite-evolution/src/llm.rs
PlanningControlExecutor (Interface)
Executor for planning control tools (complete_task, update_task_plan). Implemented by the agent loop; passed to `registr [1 …
crates/skilllite-agent/src/extensions/registry.rs

Core symbols most depended-on inside this repo

is_empty
called by 604
crates/skilllite-agent/src/task_planner.rs
get
called by 429
crates/skilllite-executor/src/session.rs
ok
called by 331
crates/skilllite-assistant/src-tauri/src/skilllite_bridge/llm_routing_error.rs
get
called by 294
crates/skilllite-artifact/src/server.rs
is_empty
called by 224
crates/skilllite-core/src/skill/openclaw_metadata.rs
as_str
called by 187
crates/skilllite-agent/src/types/feedback.rs
create_dir_all
called by 162
crates/skilllite-fs/src/dir.rs
as_str
called by 129
crates/skilllite-evolution/src/scope.rs

Shape

Function 2,733
Method 547
Class 334
Enum 85
Interface 76

Languages

Rust84%
TypeScript11%
Python5%

Modules by API surface

crates/skilllite-agent/src/extensions/builtin/tests.rs78 symbols
crates/skilllite-agent/src/extensions/registry.rs73 symbols
crates/skilllite-agent/src/types/event_sink.rs65 symbols
crates/skilllite-evolution/src/scope.rs54 symbols
crates/skilllite-commands/src/wiki.rs52 symbols
benchmark/benchmark_runner.py52 symbols
crates/skilllite-agent/src/chat_session.rs48 symbols
crates/skilllite-agent/src/agent_loop/helpers.rs47 symbols
crates/skilllite-core/src/skill/metadata.rs43 symbols
crates/skilllite-agent/src/rpc.rs41 symbols
crates/skilllite-assistant/src-tauri/src/skilllite_bridge/workspace.rs40 symbols
crates/skilllite-sandbox/src/env/runtime_deps.rs39 symbols

For agents

$ claude mcp add skilllite \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page